diff options
| author | Gerald Carter <jerry@samba.org> | 2003-07-16 05:34:56 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-07-16 05:34:56 +0000 |
| commit | 4a090ba06a54f5da179ac02bb307cc03d08831bf (patch) | |
| tree | ed652ef36be7f16682c358816334f969a22f1c27 /source3/libsmb/trusts_util.c | |
| parent | 95fe82670032a3a43571b46d7bbf2c26bc8cdcd9 (diff) | |
| download | samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.gz samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.bz2 samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.zip | |
trying to get HEAD building again. If you want the code
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
Diffstat (limited to 'source3/libsmb/trusts_util.c')
| -rw-r--r-- | source3/libsmb/trusts_util.c | 95 |
1 files changed, 58 insertions, 37 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 6244c844f2..77e63709aa 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -1,4 +1,4 @@ -/* +/* * Unix SMB/CIFS implementation. * Routines to operate on various trust relationships * Copyright (C) Andrew Bartlett 2001 @@ -123,47 +123,68 @@ NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, } +/********************************************************************* + Enumerate the list of trusted domains from a DC +*********************************************************************/ -/** - * Verify whether or not given domain is trusted. - * - * @param domain_name name of the domain to be verified - * @return true if domain is one of the trusted once or - * false if otherwise - **/ - -BOOL is_trusted_domain(const char* dom_name) +BOOL enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, + char ***domain_names, uint32 *num_domains, + DOM_SID **sids ) { - DOM_SID trustdom_sid; - char *pass = NULL; - time_t lct; - BOOL ret; - - if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) { - /* - * Query the secrets db as an ultimate source of information - * about trusted domain names. This is PDC or BDC case. - */ - ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct); - SAFE_FREE(pass); - if (ret) - return ret; + POLICY_HND pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + fstring dc_name; + struct in_addr dc_ip; + uint32 enum_ctx = 0; + struct cli_state *cli = NULL; + BOOL retry; + + *domain_names = NULL; + *num_domains = 0; + *sids = NULL; + + /* lookup a DC first */ + + if ( !get_dc_name(domain, dc_name, &dc_ip) ) { + DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n", + domain)); + return False; } - /* - * Query the trustdom_cache updated periodically. The only - * way for domain member server. - */ - if (trustdom_cache_enable() && - trustdom_cache_fetch(dom_name, &trustdom_sid)) { - trustdom_cache_shutdown(); - return True; + /* setup the anonymous connection */ + + result = cli_full_connection( &cli, global_myname(), dc_name, &dc_ip, 0, "IPC$", "IPC", + "", "", "", 0, &retry); + if ( !NT_STATUS_IS_OK(result) ) + goto done; + + /* open the LSARPC_PIPE */ + + if ( !cli_nt_session_open( cli, PI_LSARPC ) ) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; } - /* - * if nothing's been found, then give up here, although - * the last resort might be to query the PDC. - */ - return False; + /* get a handle */ + + result = cli_lsa_open_policy(cli, mem_ctx, True, + POLICY_VIEW_LOCAL_INFORMATION, &pol); + if ( !NT_STATUS_IS_OK(result) ) + goto done; + + /* Lookup list of trusted domains */ + + result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx, + num_domains, domain_names, sids); + if ( !NT_STATUS_IS_OK(result) ) + goto done; + +done: + /* cleanup */ + + cli_nt_session_close( cli ); + cli_shutdown( cli ); + + return NT_STATUS_IS_OK(result); } |